<?php

/**
 * Maikuro Framework
 *
 * LICENSE:
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * The license is bundled with this package in the file LICENSE.txt.
 * You may also obtain a copy of the License at this URL:
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @copyright  Copyright (c) 2010, Jonathan Hedrén
 * @author     Jonathan Hedrén <jonathan.hedren@gmail.com>
 * @license    http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
 */

/**
 * A basic authentication class.
 */
class Auth {

    const SESSION_AUTHENTICATED_KEY = 'session_authenticated_key';
    const SESSION_LIFETIME_KEY      = 'session_lifetime_key';

    /**
     * The hash algorithm to use for hashing the password and salt.
     *
     * @var string
     */
    static protected $hashAlgo = 'md5';

    /**
     * The lifetime of the authentication session.
     *
     * @var integer
     */
    static protected $lifetime = 1800;

    /**
     * Authenticates a user by providing the password, the string to match
     * against and an optional salt. This method will NOT set any user data to
     * the session.
     *
     * @param string $password
     * @param string $match
     * @param mixed $salt
     * @return boolean
     */
    static public function authenticate($password, $match, $salt = null)
    {
        if ($salt !== null) {
            $password = $password . $salt;
        }
        
        if (self::$hashAlgo !== null) {
            $password = hash(self::$hashAlgo, $password);
        }

        if ($password == $match) {
            
            Session::regenerateId();
            Session::set(self::SESSION_AUTHENTICATED_KEY, true);
            Session::set(self::SESSION_LIFETIME_KEY, time() + self::$lifetime);
            return true;
        }

        return false;
    }

    /**
     * Clears the authentication session.
     * 
     * @return void
     */
    static public function clearAuthentication()
    {
        Session::set(self::SESSION_AUTHENTICATED_KEY, null);
        Session::set(self::SESSION_LIFETIME_KEY, null);
        Session::regenerateId();
    }

    /**
     * Checks the authentication session.
     *
     * Differs from the isAuthenticated method by not checking if the session
     * is expired.
     *
     * @return boolean
     */
    static public function hasIdentity()
    {
        if (Session::get(self::SESSION_AUTHENTICATED_KEY) === null
            || !Session::get(self::SESSION_AUTHENTICATED_KEY)) {
                return false;
        }
        return true;
    }

    /**
     * Checks the authentication session.
     *
     * @return boolean
     */
    static public function isAuthenticated()
    {
        if (time() > Session::get(self::SESSION_LIFETIME_KEY)) {
            return false;
        }
        if (Session::get(self::SESSION_AUTHENTICATED_KEY) === null
            || !Session::get(self::SESSION_AUTHENTICATED_KEY)) {
                return false;
        }
        return true;
    }

    /**
     * Sets the hash algorithm to use for hashing the password and salt.
     *
     * @param string $hashAlgo
     * @return void
     */
    static public function setHashAlgo($hashAlgo)
    {
        self::$hashAlgo = $hashAlgo;
    }

    /**
     * Sets the lifetime of the authentication session.
     *
     * @param integer $lifeTime
     * @return void
     */
    static public function setLifetime($lifeTime)
    {
        self::$lifetime = (int) $lifeTime;
    }
}
